Key highlights:

  • 83% of IT decision-makers across Australia and New Zealand agree that Zero Trust is the future of their firms’ security 
  • 46% of organisations are interested in Zero Trust but internal teams lack time or expertise to adopt best practices effectively  
  • perception that Zero Trust is expensive and requires an operational overhaul has led to piecemeal deployments that could prove costly in the long run 
  • communication being overlooked but critical to gain buy-in for Zero Trust security strategies 

Zero Trust is fast emerging as global best practice in cybersecurity and local leaders are on board with 83% considering it essential to the future of their organisation’s security. 

The finding comes from a study conducted by Forrester Consulting – commissioned by Datacom, Australasia’s largest homegrown technology services provider – which looked at how cybersecurity decision-makers are approaching Zero Trust in this part of the world. 

Of 204 cybersecurity decision-makers* at organisations across Australia and New Zealand surveyed by Forrester, 58% indicated they were well on their way to implementing Zero Trust, while just 17% were yet to begin. 

Escalating cybersecurity risks compounded by rapid digital transformation and the shift to remote working spurred by the Covid-19 pandemic have seen security advisors urge the move to Zero Trust to combat cyber-attacks and data breaches.  

With a Zero Trust strategy in place, the default position for an organisation’s IT security is that every person and device must be verified and authorised before getting access to information, devices or networks.  

“A Zero Trust approach keeps your people and your organisation safe by giving the right people access to the right data and applications and removing unnecessary risks,” says Karl Wright, Datacom’s Chief Information Officer and Chief Information Security Officer. 

Despite the high level of support for Zero Trust from cybersecurity decision-makers and business leaders, Wright says the study highlights several potential barriers to successful implementation that need to be addressed, including one surprising group of detractors – those responsible for implementing and managing it. 

While 83% of decision-makers see Zero Trust as the future of their firms’ security, only 52% of security teams were seen as supporters at the outset of Zero Trust implementations. Just 40% of operational business or technology teams were identified as supporters at the outset. 

Forty-eight percent of the decision-makers surveyed said their “stakeholders struggled to understand the business value of adopting a Zero Trust approach.” 

Wright says the study shows the importance of communication as part of a company’s Zero Trust strategy is being vastly underestimated: 52% of cybersecurity decision-makers in the survey identified technical knowledge as the most important factor in driving Zero Trust programmes, while just 13% identified communication as important. 

“Stakeholders are not buying into Zero Trust because they are not getting the information they need. Implementing a Zero Trust approach is not as simple as adopting a new piece of technology and organisations really need to consider adopting a change management approach.” 

“For the IT and security teams that are going to roll this out, they need to know a Zero Trust approach will give them more visibility into their organisation’s security status and make it easier to protect their business from breaches,” says Wright. 

 

Datacom's Karl Wright
Datacom CISO Karl Wright says smart cybersecurity leaders know that technology is not enough to keep your company safe.

“Employees need to know that Zero Trust is not about locking them out of the apps and data they need. Having the right Zero Trust architecture and protocols in place provides simplified, secure access to technology and information for employees and supports remote and hybrid working models.”  

 Forrester Consulting’s customer survey also revealed a trend towards piecemeal adoption of Zero Trust in Australian and New Zealand organisations. 

While over half of respondents described their organisations as “well on their way” with Zero Trust implementation, 69% of all survey respondents said they were “adopting Zero Trust piecemeal rather than taking a big-bang structured approach”. 

Wright says piecemeal adoption might work well in the short term but could lead to inefficiencies with organisations facing additional integration and operational costs in the long run. 

Survey respondents also noted differing levels of maturity in their application of Zero Trust in different areas. 

Decision-makers perceived their Zero Trust maturity highly in several key areas including analytics and automation (78%), device (78%) and network (70%) but identified cloud workload (possessing technical capability to enforce compliance controls and industry best practices against cloud repositories) at just 49%. 

“Less than half of those surveyed expressed confidence in the data and analytics at their disposal to gain insights into cloud workloads. That’s a potential risk when it comes to compliance requirements and knowing exactly where information is and who has access to it on cloud platforms.” 

Another barrier to Zero Trust adoption, highlighted by the survey results, is a lack of skills and resource: 46% of respondents said their organisation is interested in Zero Trust but their internal teams lack the time or expertise to adopt best practices effectively. 

With the global shift toward Zero Trust – including in the United States where the Biden Administration has directed all government departments to adopt Zero Trust as part of its national cybersecurity policy – Wright says local organisations will need to proactively address the barriers if they want to meet expectations from customers, partners and authorities around privacy and data security.  

Click here for the full Datacom-commissioned study conducted by Forrester Consulting.

*A commissioned study conducted by Forrester Consulting on behalf of Datacom over the period March-May 2022. Survey included 204 decision-makers responsible for cybersecurity in Australia (60%) and New Zealand (40%). Company size ranged from 200 - 499 employees to 20,000 or more employees.

Related industries
Technology
Related solutions
Security